github/cordova-android
github/cordova-android
3
0
Fork 1
mirror of https://github.com/apache/cordova-android.git synced 2025-01-31 17:32:51 +08:00
Code Issues Packages Projects Releases Wiki Activity

Require security token when calling CallbackServer via XHR.

Browse Source
This commit is contained in:
Bryce Curtis 2010-10-29 10:53:59 +08:00
parent 2e5d6f5b74
commit f7254044ee
2 changed files with 51 additions and 29 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
framework/assets/js/phonegap.js.base
View File

@ -578,6 +578,9 @@ PhoneGap.run_command = function() {
};
PhoneGap.JSCallbackPort = CallbackServer.getPort();
PhoneGap.JSCallbackToken = CallbackServer.getToken();
/**
* This is only for Android.
*
@ -623,7 +626,7 @@ PhoneGap.JSCallback = function() {
}
}
xmlhttp.open("GET", "http://127.0.0.1:"+CallbackServer.getPort()+"/" , true);
xmlhttp.open("GET", "http://127.0.0.1:"+PhoneGap.JSCallbackPort+"/"+PhoneGap.JSCallbackToken , true);
xmlhttp.send();
};

75
framework/src/com/phonegap/CallbackServer.java
View File

@ -71,6 +71,11 @@ public class CallbackServer implements Runnable {
*/
private boolean usePolling;
/**
* Security token to prevent other apps from accessing this callback server via XHR
*/
private String token;
/**
* Constructor.
*/
@ -108,6 +113,15 @@ public class CallbackServer implements Runnable {
return this.port;
}
/**
* Get the security token that this server requires when calling getJavascript().
*
* @return
*/
public String getToken() {
return this.token;
}
/**
* Start the server on a new thread.
*/
@ -145,6 +159,8 @@ public class CallbackServer implements Runnable {
ServerSocket waitSocket = new ServerSocket(0);
this.port = waitSocket.getLocalPort();
//System.out.println(" -- using port " +this.port);
this.token = java.util.UUID.randomUUID().toString();
//System.out.println(" -- using token "+this.token);
while (this.active) {
//System.out.println("CallbackServer: Waiting for data on socket");
@ -153,36 +169,39 @@ public class CallbackServer implements Runnable {
DataOutputStream output = new DataOutputStream(connection.getOutputStream());
request = xhrReader.readLine();
//System.out.println("Request="+request);
if(request.contains("GET"))
{
//System.out.println(" -- Processing GET request");
// Wait until there is some data to send, or send empty data every 30 sec
// to prevent XHR timeout on the client
synchronized (this) {
while (this.empty) {
try {
this.wait(30000); // prevent timeout from happening
//System.out.println(">>> break <<<");
break;
if (request.contains("GET")) {
// Must have security token
if (request.substring(5,41).equals(this.token)) {
//System.out.println(" -- Processing GET request");
// Wait until there is some data to send, or send empty data every 30 sec
// to prevent XHR timeout on the client
synchronized (this) {
while (this.empty) {
try {
this.wait(30000); // prevent timeout from happening
//System.out.println(">>> break <<<");
break;
}
catch (Exception e) { }
}
catch (Exception e) { }
}
}
// If server is still running
if (this.active) {
// If no data, then send 404 back to client before it times out
if (this.empty) {
//System.out.println(" -- sending data 0");
output.writeBytes("HTTP/1.1 404 NO DATA\r\n\r\n");
}
else {
//System.out.println(" -- sending item");
output.writeBytes("HTTP/1.1 200 OK\r\n\r\n"+this.getJavascript());
}
}
}
// If server is still running
if (this.active) {
// If no data, then send 404 back to client before it times out
if (this.empty) {
//System.out.println(" -- sending data 0");
output.writeBytes("HTTP/1.1 404 NO DATA\r\n\r\n");
}
else {
//System.out.println(" -- sending item");
output.writeBytes("HTTP/1.1 200 OK\r\n\r\n"+this.getJavascript());
}
}
}
//System.out.println("CallbackServer: closing output");
output.close();